Microsoft Intune

Microsoft Intune

Microsoft Intune is an endpoint management solution that manages user access to organizational resources. When integrated with AssetExplorer Cloud, you can import asset information from Microsoft Intune into AssetExplorer Cloud.

 

Info
Microsoft Intune Integration is available only in the Enterprise edition.
Imported assets are referred to as devices in Microsoft Intune and as assets in AssetExplorer Cloud.

 

Supported Assets: Mobile Devices and Workstations
Supported OS: Windows, Mac OS, Android, and iOS.
 

Benefits of Integrating AssetExplorer Cloud with Microsoft Intune  

  1. Periodically sync device information between Microsoft Intune and AssetExplorer Cloud.
  2. View and manage assets from a single location.
  3. Perform several Intune actions such as restart, sync, wipe, retire, send notifications, and delete imported assets.
  4. Associate requests and contracts with imported devices.

 

Enable Microsoft Intune Integration  

Role Required: SDAdmin; Users with global administrator or Intune administrator role.
Only the SDAdmin with a Microsoft Intune account can set up the integration for the first time. After enabling the initial integration, any SDAdmin can enable/disable the integration.
  1. Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
  2. On the Microsoft Intune card, click the toggle button to enable integration.

 

Configure Intune Actions   

When enabling MS Intune integration, select actions that can be performed on the assets within AssetExplorer Cloud.
The available actions are as follows:

Intune Actions

Explanation

Sync

Forces devices to sync with Microsoft Intune and imports any pending actions or policies assigned to the devices.

Wipe

Restores devices to their default factory settings. Both organization and personal data will be removed from the devices.

This action is not supported for macOS and iOS devices.

Restart

Restarts the device without informing the device owner.

Retire

Removes the selected devices from Microsoft Intune and deletes its managed app data, settings, and assigned email profiles.

Retired devices will no longer have access to organization resources.

Delete

Removes selected devices from Microsoft Intune.

Deleted devices will no longer have access to organization resources.

Send Notification

Sends custom messages to devices. The notifications will appear on the device lock screen.

Intune custom notifications are not supported on macOS and Windows.

 

Configure Sync Details     

  1. To configure sync actions, click Configure on the Microsoft Intune card on the integration page.
  1. Under Sync Settings, configure actions to be performed when an asset is removed from MS Intune:
    1. Do nothing: Asset data in AssetExplorer Cloud will be left as is.
    2. Modify asset state to: Asset state in AssetExplorer Cloud will be updated as configured here.
    3. Delete asset: Asset data will be removed from AssetExplorer Cloud.
  2. Sync user information from Microsoft intune: When this option is enabled, the primary user of the asset in MS Intune will be added as the resource owner of the asset in AssetExplorer Cloud.

Info
If the user is in MS Intune but not in AssetExplorer Cloud, a new user will be created in AssetExplorer Cloud and will be assigned to the asset.


  1. Under Conditions, configure actions to import devices from MS Intune into AssetExplorer Cloud.
  2. Without criteria: All assets from MS Intune will be imported.
  3. Based on criteria: Set specific conditions to import the assets.

 

  • Preview the list of devices that will be synced into AssetExplorer Cloud by clicking Preview Matching Assets (JSON).

  • Click Save to save the configurations, or Save and Sync to save the configurations and import the assets from MS Intune instantly.

The imported devices are stored under Assets > IT and classified as smartphones, tablets, or workstations.

The following information will be synced during the import
  1. Product name and model
  2. Device details like IMEI, serial number, network information, and operating system
  3. The asset names in AssetExplorer Cloud will be based on the device names configured in MS Intune. The Device ID will not be synced.
  4. Please maintain unique names for your devices in Intune, as the asset names in AssetExplorer Cloud are unique.

InfoThe imported devices will contain the Microsoft Intune logo beside their name in the assets list view and on their details page. You can perform several Intune actions such as restart, sync, wipe, retire, send notifications, and delete on imported devices. Click here to learn more.

 

View Last Synced Information   

  1. Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
  1. On the Microsoft Intune card, click Synced info.

The synced information includes the number of assets that were added, updated, and removed. You can also see details on the next scheduled sync.

Besides viewing the last sync information, you can use Sync now to sync the device manually.

 

 

Disable Microsoft Intune Integration      

SDAdmins can disable the Microsoft Intune integration at any time. After disabling, imported devices will remain in the application. However, the device information will not be synced with Microsoft Intune, and Intune actions cannot be performed on imported devices from the AssetExplorer Cloud.
To disable Microsoft Intune Integration,
  1. Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
  2. On the Microsoft Intune card, click the toggle button to disable integration.

 

 

Permissions    

  • DeviceManagementManagedDevices.ReadWrite.All

Allows the app to read and write the properties of devices managed by Microsoft Intune; however, it does not allow high-impact operations such as remote wipes and password reset on the device's user.

  •  DeviceManagementManagedDevices.Read.All

Allows the app to read the properties of devices managed by Microsoft Intune.

  • DeviceManagementManagedDevices.PrivilegedOperations.All

Allows the app to perform remote high-impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune.

 

FAQs  

1. What are the possible causes of assets not being synced into AssetExplorer Cloud from Microsoft Intune after enabling the integration?

Making API requests to retrieve devices from the Intune inventory might not work if the Microsoft account used for authorization doesn't have sufficient permissions in Intune. Make sure either a global administrator or an Intune service administrator account is used for the integration.

To check permissions in Intune,

Go to the Microsoft Endpoint Manager admin center and click Tenant administration > Roles > My permissions.

 

2. Can the SDAdmin use a different Microsoft account for the integration if SSO is enabled?

You cannot use any other Microsoft account besides the linked account for integrations when logging in with SSO.

To use another Microsoft account, disconnect the linked Microsoft account in Zoho Accounts > Linked accounts and then authorize using the new account credentials.

 

3. I have enabled Azure/User Sync integration using one Microsoft account. Can I use a different Microsoft account for Intune Integration?   

You can only use one Microsoft account for all integrations. To change the Microsoft account for integrations,

  • Go to Setup > Users & Permissions > Requesters > Import Users > Import from Azure.

  • Click Disconnect Account and use a new account for the integration.

 

4. What is the information synced into AssetExplorer Cloud from Microsoft Intune?

Workstations:

AssetExplorer Cloud Fields

MS Intune Fields

Name

Name

Service Tag

Serial number

Serial Number

Serial number

Model

Model

Manufacturer

Manufacturer

Operating System

Operating system

Version (Operating System)

Operating system version

Wifi - MAC Address (Network Adapters)

Wifi MAC

Ethernet - MAC Address (Network Adapters)

Ethernet MAC

Capacity (Hard Disks)

Total storage space

 

Mobile devices:

AssetExplorer Cloud Fields

MS Intune Fields

Name

Name

IMEI

IMEI

Serial Number

Serial number

Discovered Serial Number

Serial number

Product Manufacturer

Manufacturer

Product

Model

Ethernet - MAC Address (Network Adapters)

Ethernet MAC

Wifi - MAC Address (Network Adapters)

Wifi MAC

Platform (Operating System)

Operating system

OS Name (Operating System)

Operating system

OS Version (Operating System)

Operating system version

Total Capacity

Total storage space

Available Capacity

Free storage space

 

5. Why do the workstations imported from Microsoft Intune also appear under Unaudited Workstations?

Unaudited workstations list the workstations that have an unsuccessful scan status or have been unreachable by the probe.

In Intune integration, the asset is not scanned, but the asset information is pulled from Microsoft Intune.

Since the workstations created through the integration haven't interacted with the probe, their scan status isn't set. As a result, they appear under Unaudited Workstations.

 

6. What are the possible causes of assets of a specific model or product not syncing?

To ensure that devices are synced properly, verify whether the product type is set correctly.

The product type of a device must be set to either Workstation or Server for Windows and macOS devices, and either Smartphone or Tablet for Android and iOS devices. The product type can be viewed under Setup > Customization > Asset Management > Product.

 

7. How are existing workstations identified and updated in the application instead of being created as new workstations?

When workstations are synced from Microsoft Intune, AssetExplorer Cloud will identify these workstations by their name and service tag.

If the synchronized workstation matches an existing workstation, the new data will replace the existing data.

If no workstation is found with the same properties, a new asset will be created with the newly synchronized workstation's name.

If multiple workstations have the same properties, one of the existing workstations will be updated randomly.


8. How are existing mobile devices identified and updated in the application instead of being created as new mobiles?
When a new mobile device comes into the application from Intune through the sync process, the system will search for the mobile devices with either the same serial number or the same IMEI.

When mobile devices are synced from Microsoft Intune, AssetExplorer Cloud will identify these devices by their serial number and IMEI.

If the synchronized mobile phone matches an existing device, the new data will replace the existing data.

If no mobile phone is found with the same properties a new asset will be created with the newly synchronized mobile phone's serial number and IMEI.

If multiple mobile phones have the same properties, the data of one existing phone will be modified at random.

 

9. The customer is unable to consent to the integration. How to resolve the following error?

When the global administrator blocks their organization's users from consenting to the apps in Azure, the following error message occurs.

 

 

Follow the below steps to check if the user consent has been blocked or not.

  1. Log in to the Microsoft Azure portal using the Global Administrator credentials.

  2. Go to Azure Active Directory > Enterprise applications > Consent and permissions.

  3. Select User consent setting. If the Do not allow user consent radio button is enabled under the User consent for applications, the organization users are not allowed to consent to the apps.


    • Related Articles

    • Microsoft Azure

      Azure integration is an additional authorization over Microsoft single sign-on. This integration allows you to import users' department and site details in addition to the basic information from the Azure directory. Role Required: SDAdmin/OrgAdmin in ...
    • Microsoft Azure AD User Sync

      Sync users periodically from Azure Active Directory to AssetExplorer Cloud. You can import users based on criteria and custom-map Azure fields with AssetExplorer fields as required. AssetExplorer Cloud just reads user information from Azure via API ...
    • Microsoft Office 365 Calendar

      Sync technicians' leave information in AssetExplorer Cloud and Office 365 Calendar. After you enable the integration, users shall record their leave in just one of the application calendars, and the leave will be automatically synced and displayed in ...
    • Asset FAQs

      Asset Management License Consumption and Asset States Will an asset be included in license consumption if it is moved to a disposed or expired state? No, Disposed or Expired assets do not consume license. How to create an asset state similar to ...
    • Scanned Software

      AssetExplorer Cloud monitors all software in the organization, eliminating security threats and optimizing software usage. AssetExplorer Cloud scans your network to identify the software installed on workstations and manages software licenses, ...